Image: art-skvortsova, remix by Emily Lipstein
Hacking. Misinformation. Observation. CYBER is a podcast on the motherboard and reports on the dark part of the Internet.
“Okay, it looks like we found a match for an administrator,” Serena DiPenty said in a TikTok video. DePenty, which goes through the shenetworks of the platform, creates educational hacking content to raise awareness of some cybersecurity issues and attract a younger audience to security.
“We’re in, too,” DiPenti’s TikTok continues. She demonstrates a tool called Hydra that reviews a list of words and then uses them to try to enter the target website. In this case, the site is not a real goal; DiPenti uses tryhackme.com, a service that provides a controlled environment for people to test their hacking skills.
However, TikTok removed the video under its harassment and harassment policy. TikTok then banned a second similar video uploaded by DiPenti, but with a clearer educational disclaimer, and also temporarily banned it from publishing. By comparison, DiPenti told Motherboard that Instagram did not remove the original video when it uploaded it as a reel.
There are many reasons for someone to want to be educated in hacking techniques. Maybe they are interested in becoming a penetration tester, someone who researches a company to detect vulnerabilities so that they can be fixed. Or maybe they want to better understand how hackers actually work and then defend themselves. The idea that all hacking is done only by malicious people is outdated at this stage – the challenge for social networks is effective and reliable to apply against materials that are not intended for educational, but instead harmful.
“I think if people are not aware of the potential security threats they face, they have no way to defend themselves,” DiPenty told Motherboard in an online chat. “Removing these videos and punishing the creators of the security who create them is pretty bad. This is also very discouraging. They will lose their creators completely when people get tired of taking the time to create all this content to get rid of it. immediately. “
Do you have access to internal TikTok moderation documents? We look forward to hearing from you. Using a non-working phone or computer, you can securely contact Joseph Cox on Signal on +44 20 8133 5190, Wickr on josephcox or send an email to email@example.com.
DiPenti is not the only one. TikTok has also removed content from other security creators, highlighting the gray area in which TikTok places this type of material. Some hacker content on the platform will be maliciously managed, but here the creators are focused on education.
“Really everyone posts security content,” DiPenty said.
Jonathan Bored, creator in TikTok and other platforms, told Motherboard, “Videos with NOTHING close[ly] related to hacking or cybersecurity.
“Almost always,” he added.
Boring said that the content is often recovered. But this still creates an obstacle in which creators have to appeal decisions and face the prospect of being banned if too many of their videos are found to have violated the site’s community guidelines. The suspension will last 3 days, after which the appeal may take more than 48 hours, Boring said.
Borung suggests that he eventually self-censored to avoid being triggered by TikTok.
“I have to avoid words like ‘hacking,’ ‘hacking,’ ‘hacker,’ etc.,” he said. He added that he could not make any videos on HackRF Portapack H2, a radio software add-on defined by HackRF.
“The name itself removes the video. That’s why I just called it Portapack H2,” he added.
Marcus Hutchins, commonly known as MalwareTech and for his role in stop the WannaCry ransomware attack, said TikTok has also removed its videos.
“Many of us had the same problems in the early days of YouTube and other platforms. It seems to be a constant problem when the platforms are newer,” he told Motherboard. “I think too much moderation can lead to the same problems it does everywhere: make the platform unusable.”
TikTok told Motherboard that while the platform does not allow criminal activity or harassment, it makes exceptions for some educational content. When the motherboard sent an example of one of the removed DiPenti videos, TikTok told the motherboard that the video had been removed by mistake and restored it.
A day later, TikTok removed it again.
“TikTok removed the same video again. And I can’t appeal it,” DiPenty told Motherboard.
Subscribe to our cybersecurity podcast, CYBER.